---
- include: "mount_fs.yml"

- command: "ls -dZ /var/lib/pgsql"
  register: pgsql_ls

- name: update selinux context for postgress db dir if it's wrong
  command: "restorecon -vvRF /var/lib/pgsql"
  when: pgsql_ls.stdout is defined and 'postgresql_db_t' not in  pgsql_ls.stdout

- name: install pkgs for copr-frontend
  action: yum state=present pkg={{ item }}
  with_items:
  - "copr-frontend"
  - "bash-completion"
  - "mod_ssl"
  tags:
  - packages

- name: install copr configs
  template: src="copr.conf" dest=/etc/copr/copr.conf mode=600
  notify:
  - reload httpd
  tags:
  - config

- name: disable firewalld
  service: name=firewalld enabled=no state=stopped

- name: enable and start redis  # TODO: .service in copr-backend should depend on redis
  service: name=redis enabled=yes state=started

- name: copy apache files to conf.d
  copy: src="httpd/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}"
  with_items:
  - "welcome.conf"
  - "coprs.conf"
  tags:
  - config

- name: install copr-frontend ssl vhost for production
  copy: src="httpd/coprs_ssl.conf" dest="/etc/httpd/conf.d/copr_ssl.conf"
  when: not devel
  tags:
  - config

- include: "psql_setup.yml"

- name: populate db
  command: ./manage.py create_db --alembic alembic.ini
  sudo: yes
  sudo_user: copr-fe
  args:
    chdir: /usr/share/copr/coprs_frontend/

- name: upgrade db to head
  command: alembic upgrade head
  sudo: yes
  sudo_user: copr-fe
  args:
    chdir: /usr/share/copr/coprs_frontend/

- name: set up chroots
  command: ./manage.py create_chroot epel-5-i386 epel-5-x86_64 epel-6-i386 epel-6-x86_64 epel-7-x86_64 fedora-20-i386 fedora-20-x86_64 fedora-21-i386 fedora-21-x86_64 fedora-22-i386 fedora-22-x86_64 fedora-rawhide-i386 fedora-rawhide-x86_64
  sudo: yes
  sudo_user: copr-fe
  args:
    chdir: /usr/share/copr/coprs_frontend/

- name: set up admins
  command: ./manage.py alter_user --admin {{ item }}
  sudo: yes
  sudo_user: copr-fe
  args:
    chdir: /usr/share/copr/coprs_frontend/
  ignore_errors: yes
  with_items:
  - msuchy
  - sgallagh
  - spot
  - nb
  - kevin
  - vgologuz

- name: install ssl certificates for production
  include: "install_certs.yml"
  when: not devel
  tags:
  - config

- name: enable services
  service: state=running enabled=yes name={{ item }}
  with_items:
  - httpd
  - logstash

- name: set acl for logstash to access httpd logs
  acl: name=/var/log/httpd entity=logstash etype=user permissions=rx state=present

- name: set dev banner for dev instance
  when: devel
  copy: src=banner-include.html dest=/var/lib/copr/

